link and linkdescription XSS in Social Share

Summary

Vulnerability: link and linkdescription XSS in Social Share
Discovered: 2010.12.07
Last Update: n/a n/a
ID: EV0165
CVE: n/a
Risk Level: low
Type: Cross Site Scripting
Status: Unpatched. Vendor notified. No reply from developer(s).
Vendor: n/a
Vulnerable Software: Social Share (http://sourceforge.net/projects/socialshare/)
Version: 2010-06-05
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

A cross-site scripting vulnerability was found in the Social Share (http://sourceforge.net/projects/socialshare/) script.

Cross Site Scripting
It is possible to inject XSS code into the link and linkdescription parameters of the processPost.php script.

The link and linkdescription parameters are not properly sanitized before being used in HTML code.

PoC/Exploit

XSS Examples.

link: javascript:alert('XSS')

description: "><script>alert('XSS')</script><aaa aa="

Solution.

A solution for "link and linkdescription XSS in Social Share" is not available. Check the vendor's website for updates.
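
The handling that the link and linkdescription parameters lack, shown as an added example; this is not Social Share's code or a vendor patch. It assumes link ends up in an anchor's href and linkdescription in HTML text, and the function names safe_link, h and render_shared_link are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not taken from Social Share's source.

/** Return the URL only if it is an absolute http(s) URL, otherwise null. */
function safe_link(string $raw): ?string
{
    $url = trim($raw);
    // Embedded whitespace or control characters can disguise a scheme.
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }
    // Allowlist the scheme: javascript:, data:, vbscript: etc. are rejected.
    $scheme = parse_url($url, PHP_URL_SCHEME);
    $host = parse_url($url, PHP_URL_HOST);
    if (!is_string($scheme) || !is_string($host) || $host === '') {
        return null;
    }
    return in_array(strtolower($scheme), ['http', 'https'], true) ? $url : null;
}

/** Encode text for an HTML element body or a quoted attribute value. */
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the markup for one shared link (assumed output shape). */
function render_shared_link(string $link, string $linkdescription): string
{
    $url = safe_link($link);
    if ($url === null) {
        // Unusable link: show the description as inert text only.
        return '<span>' . h($linkdescription) . '</span>';
    }
    return '<a href="' . h($url) . '" rel="noopener noreferrer">'
         . h($linkdescription) . '</a>';
}

// Constructed inputs: the two PoC values from this advisory plus a benign pair.
$samples = [
    ["javascript:alert('XSS')", 'My page'],
    ['http://example.com/', '"><script>alert(\'XSS\')</script><aaa aa="'],
    ['https://example.com/post?id=1&ref=a', 'A normal description'],
];
foreach ($samples as [$link, $desc]) {
    echo render_shared_link($link, $desc), PHP_EOL;
}
```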